The advantage of the above method is that it’s a more official way of actually converting an SQVI Query into a SQ01 query which is shared with a certain user group.

However, suppose you just want to quickly share a query you build (just to analyse and test a certain bug which now is fixed –so you’ll probably do not need this query once the fix in your production system) with some people and therefore are not looking for an ‘official’ method to share the SQVI query as SQ01 query.

Then the following approach is definitely the quickest way I recently figured out

Whenever you start working at a new customer who has implemented SAP CRM, you will probably be working in the newest releases of SAP CRM, being CRM 7.0 which uses the CRM Web User Interface, which is based on the business role concept.

In my other blogs on www.sapuniversity.eu I already explained that business role assignment can be done in 3 ways.

Now, in order to properly test the business processes you normally use the method of business role assignment that is determined during logon based on the assignment of the User (linked to the employee master record) which is assigned to a position in the organisation model.

Usually – the customer already has running a SAP CRM environment and as such the setup of the organisational model is already in place. Now – probably they have already defined several business roles in customizing that are adapted to the customer specific requirements and furthermore, these business roles are probably already assigned to either 1 or multiple organisational units and/or positions. Continue reading »

Introduction to ACE

A lot of big clients having big or complex CRM installations face the same problem: how can we restrict the users only to particular data that they need to see?

We don’t mean authorizations related to functionality, but related to business content (Real time data). Imagine you run a big business and have millions of customers worldwide. Then a sales representative responsible for a group of customers in Region AAA should not see any customers from Region XXX in his search results. Or a sales representative with responsibility for a certain branch should not be bothered with customers of other branches. Most important here is if the structure of the sales organization changes, you don’t want to end up changing all kind of authorization profiles/Roles.

To solve these issues, SAP came up in CRM with a pretty nice solution: CRM-ACE. This stands for Access Control Engine and is a framework to dynamically calculate user dependent access rights on object level. It originates from Channel Management but works in all PCUI (People Centric User Interface) functionalities. One Limitation here is, it doesn’t work in other environments like IC Web client or via the SAP GUI.